github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 16:34:31 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

DEV: Hash tokens stored from email_tokens (#14493)

Browse Source 
This commit adds token_hash and scopes columns to email_tokens table.
token_hash is a replacement for the token column to avoid storing email
tokens in plaintext as it can pose a security risk. The new scope column
ensures that email tokens cannot be used to perform a different action
than the one intended.

To sum up, this commit:

* Adds token_hash and scope to email_tokens

* Reuses code that schedules critical_user_email

* Refactors EmailToken.confirm and EmailToken.atomic_confirm methods

* Periodically cleans old, unconfirmed or expired email tokens
This commit is contained in:
Dan Ungureanu
2021-11-25 09:34:39 +02:00
committed by GitHub
parent 4c46c7e334
commit fa8cd629f1
34 changed files with 482 additions and 599 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/tasks/admin.rake
View File

@ -27,7 +27,7 @@ task "admin:invite", [:email] => [:environment] do |_, args|
user.email_tokens.update_all confirmed: true
puts "Sending email!"
email_token = user.email_tokens.create(email: user.email)
email_token = user.email_tokens.create!(email: user.email, scope: EmailToken.scopes[:signup])
Jobs.enqueue(:user_email, type: :account_created, user_id: user.id, email_token: email_token.token)
end